Skip to content

PICARD-3002: Use Azure Trusted Signing for code signing #2044

PICARD-3002: Use Azure Trusted Signing for code signing

PICARD-3002: Use Azure Trusted Signing for code signing #2044

Workflow file for this run

name: Package and release
on:
push:
paths:
- '.github/workflows/package*.yml'
- '.github/workflows/pypi-release.yml'
- 'installer/**'
- 'picard/**'
- 'po/**.po'
- 'resources/win10/**'
- 'scripts/package/*'
- 'scripts/pyinstaller/*'
- 'test/**'
- 'appxmanifest.xml.in'
- 'picard.icns'
- 'picard.ico'
- 'picard.spec'
- 'requirements*.txt'
- 'setup.py'
- 'tagger.py.in'
- 'win.version-info.txt.in'
pull_request:
permissions: {}
jobs:
package-macos:
uses: ./.github/workflows/package-macos.yml
strategy:
fail-fast: false
secrets: inherit
package-windows:
uses: ./.github/workflows/package-windows.yml
strategy:
fail-fast: false
secrets: inherit
package-pypi:
uses: ./.github/workflows/package-pypi.yml
strategy:
fail-fast: false
secrets: inherit
permissions:
id-token: write
github-release:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
needs:
- package-macos
- package-windows
- package-pypi
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.12
- uses: actions/download-artifact@v4
with:
name: macos-app-10.14
path: artifacts/
# - uses: actions/download-artifact@v4
# with:
# name: windows-signed-app
# path: artifacts/
- uses: actions/download-artifact@v4
with:
name: windows-store-app
path: artifacts/
- uses: actions/download-artifact@v4
with:
name: windows-installer
path: artifacts/
- uses: actions/download-artifact@v4
with:
name: windows-portable
path: artifacts/
- uses: actions/download-artifact@v4
with:
name: picard-sdist
path: artifacts/
- name: Generate checksums
run: |
cd artifacts
sha256sum * > SHA256SUMS
- name: Prepare changelog
id: changelog
continue-on-error: true
run: |
PICARD_VERSION=$(python -c "import picard; print(picard.__version__)")
echo "version=$PICARD_VERSION" >> $GITHUB_OUTPUT
if [[ "$PICARD_VERSION" =~ (a|b|rc|dev) ]]; then
echo "::notice::Releasing pre-release $PICARD_VERSION"
echo "prerelease=true" >> $GITHUB_OUTPUT
else
echo "::notice::Releasing production release $PICARD_VERSION"
fi
echo -e "*Please refer to the [download page](https://picard.musicbrainz.org/downloads/) for official download locations.*\n" > changes-$PICARD_VERSION.md
./scripts/tools/changelog-for-version.py $PICARD_VERSION >> changes-$PICARD_VERSION.md
- name: Create release
uses: softprops/action-gh-release@v2
with:
name: MusicBrainz Picard ${{ steps.changelog.outputs.version }}
body_path: changes-${{ steps.changelog.outputs.version }}.md
prerelease: ${{ steps.changelog.outputs.prerelease }}
files: artifacts/*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}